Personal assistant on screen in Chinese smart cars see national security risks

Biden Administration Sees National Security Risks in Chinese Smart Cars

The Biden administration has been making data privacy moves encompassing mobile apps and data brokers as of late, and its attention also appears to be on the potential national security risks of Chinese smart cars.

The administration has launched a formal investigation to explore what sort of private and personal information these cars might be gathering about drivers, along with the possibility of remote shutdown and espionage use of installed cameras and microphones. Commerce Secretary Gina Raimondo referred to Chinese smart cars as “smartphones on wheels,” and the Commerce Department has issued a notice of proposed rulemaking that could lead to further regulation of these vehicles.

National security risks of Chinese import vehicles to be explored

Chinese smart cars presently make up just a tiny sliver of the US electric car market. Plans to roll out Chinese brands in the US were announced in early 2019, only to be met almost immediately by an added 25% import tariff from the Trump administration. That and the ensuing Covid-19 pandemic essentially scrapped all plans for Chinese smart cars in the US market, with the 2022 Inflation Reduction Act putting another nail in the coffin by making foreign imports ineligible for environmental tax credits.

Chinese auto manufacturers still have hopes for the American market, however, after taking nearly 20% of the market in Mexico since 2017. Some industry experts believe that the only real barrier is the establishment of local plants, which would eliminate the tariff and make the cars eligible for tax credits. Some estimates have that happening as early as next year.

Ahead of this possibility, the Biden administration is examining the possible national security risks of having thousands of Chinese smart cars on US roadways. One possibility is that all of these cars could be remotely disabled at once, causing potentially widespread and serious traffic accidents. Another is that their equipped sensors could be leveraged as spy devices, something the Chinese government has taken issue with Tesla about.

But the main concern is that the personal data of Americans (and information about their regular movements) could be vacuumed up by Chinese smart cars, and whether intentionally or not, could wind up in the hands of the Chinese government. The issue is similar to the one TikTok is facing, in that any data that flows back to servers in China has to be considered available to the government given the country’s national security laws.

Chinese smart cars could be potent data collectors

US officials believe that Chinese smart cars could gather location, personal and biometric information from drivers, creating a variety of possible national security risks if that information is pipelined back to China’s government. The White House believes that espionage plans for these vehicles would likely center on workers at critical infrastructure locations and those who regularly visit or pass them. Something similar happened in Ukraine recently, as Russia’s state-sponsored hackers were discovered to be heavily focusing on internet-connected residential and business security cameras that could be hacked and have their viewing angle changed to point at targets of interest for missile attacks.

Chinese smart cars are not unique in being data vacuums, however. A September 2023 study by the Mozilla Foundation found that smart vehicles in general were the worst category of product that handles personal information, calling them a “privacy nightmare.” Data is not only absorbed from a variety of sensors in the car, but also from phones and tablets that are connected to the car, as well as connected third party services and sources (like GPS mapping or satellite radio). All of the American car brands studied gave drivers little to no control over what data was collected, and all are extremely opaque about how (or if) they encrypt data and what their security practices are. At least two major car brands are up front about specifically looking for “sex life” data from drivers. The situation obviously creates ample room for national security risks from foreign manufacturers, given the data handling practices of these vehicles are almost entirely unregulated.

Chinese smart cars are available in the EU, where they jumped from 0.4% to 8% of the market between 2020 and 2023 and are projected to hit 15% by 2025. In September of last year, the European Commission launched an investigation into applying tariffs to EVs from China as part of a general movement in the bloc to reduce its dependence on imports from the country. The investigation has been allotted 13 months to complete, but is not specifically addressing perceived national security risks.

The potential national security risks of smart vehicles are well-known to the Chinese government. It has already been in a tilt with Tesla over the issue, barring Elon Musk’s vehicles from certain roads and parking lots where their cameras and microphones might pick up intelligence on government operations. Musk has insisted that any information the vehicles pick up is kept confidential, but Tesla has experienced a major data leak by two former employees and was also found to have been internally mishandling videos captured by the “Sentry Mode” of its cars (with employees passing unusual videos around the office as entertainment).

Musk has also said that China fields the world’s most competitive smart car manufacturers and that these companies should be expected to “demolish” competition in other countries if they are not kept in check with tariffs or other trade barriers.

Roger Grimes, data-driven defense evangelist at KnowBe4, sees the rest of this saga taking a very long time to play out: “This event is a small part of a larger, valid concern of who collects information on who, which is a particular concern between nation states. and it’s not just cars and 5G networks in the news and of concern to the US gov’t, it’s also Tik-Tok. But really it’s everything. And sadly, everyone’s information…where they go, what they do, who they interact with is likely for ready sell on hundreds of sites and services and also under the ownership of multiple nation-states. The cats out of the bag and exploded and now everyone is trying to figure how to put the cat back together. The answer isn’t it cannot be without more laws, regulations, and international agreements, which will likely never happen. So, we will likely continue to let our various governments attack the larger problem one smaller bite at a time, when the latest topic of the day becomes of interest.”